General Tab (Role)
The role General tab lets you assign default actions for a role that will be applied to traffic not identified specifically by the set of access services contained in the role. You can also use this tab to enable TCI Overwrite functionality for the role, and enter or edit the description of the role.
The Services section displays a list of the services and service groups associated with the selected role, and provides buttons for adding and removing services, creating a new service, viewing and editing a service or service group, and showing conflicting rules.
If you have selected the Quarantine role or any role that has been specified as a quarantine action for one or more rules, you will see a Warning at the top of the tab reminding you that the role should be configured to be highly restrictive and to use caution when adding services to the role. Click the button to view a list of the services currently using the Quarantine role.
To access this tab, select a role in the left panel's Roles tab, then select the General tab in the right panel. Any additions or changes you make to this tab must be enforced in order to take effect.
- Description
- Use the Edit button to open a window where you can enter or modify a description of the role.
- TCI Overwrite
- Enable or disable TCI Overwrite functionality for the role. Enabling TCI Overwrite allows the VLAN (access control) and class of service characteristics defined in this role or any of its rules to overwrite the VLAN or class of service (CoS) tag in a received packet if that packet has already been tagged with VLAN or CoS information. If TCI Overwrite is not enabled, tagged packets will egress using the TCI data they already contain. You can also enable TCI Overwrite on a per-port basis in the Port Properties General Tab, as well as on a per-rule basis in the Rule General Tab.
Default Actions
Default actions for a role are applied to traffic not identified specifically by the set of access services contained in the role.
- Access Control
- Use the drop-down list to choose a default access control (VLAN) for the role. You can select:
- None - No default access control specified.
- Permit Traffic - Allows traffic to be forwarded with the port's assigned VID.
- Deny Traffic - Traffic will be automatically discarded.
- Contain To VLAN - This option contains traffic to the VLAN specified. Use the drop-down list to the right to select the desired VLAN.
- Class of Service
- Use the drop-down list to choose a default class of service (priority) for the role, create a new class of service, or select None if no class of service is desired. The drop-down list displays all of the classes of service for the current domain and also allows you to edit a class of service using the Edit button.
- System Log
- When this option is enabled, a syslog message is generated as long as no matching rules specify that sending a syslog message is prohibited (that is, the rule's system log action is set to "Prohibited" on the Rule General tab). When the option is disabled, the system log setting is ignored.
- Audit Trap
- When this option is enabled, an audit trap is generated as long as no matching rules specify that sending an audit trap is prohibited (that is, the rule's audit trap action is set to "Prohibited" on the Rule General tab). When the option is disabled, the audit trap setting is ignored.
- Disable Port
- When this option is enabled, the port is disabled as long as no matching rules specify that disabling the port is prohibited (that is, the rule's disable port action is set to "Prohibited" on the Rule General tab). Ports that have been disabled due to this option are displayed in the device Role/Rule tab. When the option is disabled, the disable port setting is ignored.
- Traffic Mirror
- Use the drop-down list to specify port groups where mirrored traffic will be sent for monitoring and analysis. Select View/Modify Port Groups to open the Port Groups tab where you can define user-defined port groups for selection.
To the right of the drop-down menu is an option to mirror only the first (N) packets of a flow. This option is intended for use when mirroring traffic to an Application Analytics engine. The Application Analytics engine only needs the initial packets of a flow to properly identify the traffic, and setting this option will reduce network traffic overhead for the switch and engine. By default this number is set to 10, but can be changed by clicking on the Edit button.
NOTE: The value you set is used by all mirror actions in use in the current domain.
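The following added example (not part of the product or its documentation) audits role records for two points described above: a quarantine role whose default access control or attached services make it less restrictive, and rules whose "Prohibited" setting silences a System Log, Audit Trap, or Disable Port default that the role has enabled. The dictionary layout, the sample role, and the choice of "Deny Traffic" and "Contain To VLAN" as the restrictive defaults are assumptions made for illustration, not an export format of the product.

```python
# Added example: constructed role records, not a Policy Manager export format.
PROHIBITED = "Prohibited"
SIDE_EFFECTS = ("system_log", "audit_trap", "disable_port")
# Assumption: these two defaults are what "highly restrictive" means for this check.
RESTRICTIVE = {"Deny Traffic", "Contain To VLAN"}

def effective_default(role, matching_rules, action):
    """Role default fires only if enabled and no matching rule sets it to Prohibited."""
    if not role.get(action, False):
        return False  # option disabled on the role: the setting is ignored
    return not any(r.get(action) == PROHIBITED for r in matching_rules)

def audit_role(role):
    """Return a list of findings for one role record."""
    findings = []
    name = role["name"]
    if role.get("quarantine"):
        access = role.get("access_control", "None")
        if access not in RESTRICTIVE:
            findings.append(f"{name}: quarantine role default access control is {access!r}")
        for svc in role.get("services", []):
            findings.append(f"{name}: quarantine role carries service {svc['name']!r}")
    # Rules that silence a default action the role has switched on.
    for svc in role.get("services", []):
        for rule in svc.get("rules", []):
            for action in SIDE_EFFECTS:
                if role.get(action) and rule.get(action) == PROHIBITED:
                    findings.append(f"{name}: rule {rule['name']!r} prohibits {action}")
    return findings

# Constructed sample data.
QUARANTINE = {
    "name": "Quarantine", "quarantine": True, "access_control": "Permit Traffic",
    "system_log": True, "audit_trap": True, "disable_port": False,
    "services": [{"name": "Remediation Web", "rules": [
        {"name": "Allow HTTP to portal", "system_log": PROHIBITED},
    ]}],
}

if __name__ == "__main__":
    for line in audit_role(QUARANTINE):
        print(line)
```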
Services
- Name
- Lists the names of the services and service groups (local and global) associated with the selected role.
- Also Used By Roles
- Lists the other roles using this service. If the service is a global service, the domain name is also displayed if the role is in a different domain.
- Add/Remove Services Button
- Opens the role Add/Remove Services window, where you can add and remove services and service groups to and from any of the existing roles.
- Create Service Button
- Opens the Service Wizard, where you can create a new service.
- View/Edit Service/Grp Button
- Select a service or service group in the table and click this button to open the left-panel Services tab. The appropriate service or service group will be selected and you can access its right-panel tabs.
- Show Conflicting Rules Button
- If the rules in a Global service conflict with the rules in a Local service, the Name column will display a message indicating that the global rules will be overridden by the local rules. Click on the Show Conflicting Rules button to open a window that displays the rule conflicts and shows specifically which rules will be used and which will be overridden. For more information, see Conflict Checking.